diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 18c21d5f9f..9f34429734 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -107,7 +107,7 @@
 
   # ==> Configuration for :rememberable
   # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
+  config.remember_for = 90.days
 
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
@@ -128,7 +128,7 @@
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  config.timeout_in = 30.days
+  config.timeout_in = 90.days
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 26a833e0b7..443ca405f7 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -2,7 +2,7 @@
 
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_growstuff_session'
+Rails.application.config.session_store :cookie_store, key: '_growstuff_session', expire_after: 90.days
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information